Examining Information Security Controls in the Human Resource Department of Kampala International University, Uganda from 2013-2018

ABSTRACT 

The research study was based on examining information security controls in the Human Resource Department of KIU, Uganda. The objectives of the study were; to analyze the information security controls in the Human Resource department of Kampala International University, to explore the extent of compliance to information security objectives at Kampala International University, to investigate the challenges of information security at Kampala International University, and also to ascertain if there was a significant relationship between challenges of information security of records and security objectives at Kampala International University. A correlation study was used to establish if there was a significant relationship between challenges of information security and security objectives at Kampala International University. This was because the study focused on establishing if there was a significant relationship between challenges of information security and security objectives in Kampala International University. A sample size of 65 respondents was taken from the target population of 78 respondents using the solvens formula; data was analyzed using Statistical Package for Social Scientists (SPSS) version 16.0. Pearson Linear Correlation Co-efficiency (PLCC) was used to establish if there is a significant relationship between challenges of information security and security objectives at KIU. The study found out that there was no significant relationship between challenges of information security of records and security objectives in KIU. The level of significance was 0.460 which implied that there was no significant relationship between challenges of information security and security objectives in KIU. The null hypothesis was accepted and the alternate hypothesis was rejected. This therefore caused the researcher to suggest the following recommendations: KIU; should ensure that information is not disclosed to unauthorized persons by ensuring that there is tight security in information based areas, should protect information from being modified by unauthorized parties by ensuring password usage, should maintain an ongoing awareness of attack threats through security information sources, should educate its employees in safe computing practices, such as installing anti-virus software on servers and desktops.

TABLE OF CONTENTS

DECLARATION ..............................................................................................................................i

APPROVAL ....................................................................................................................................ii

DEDICATION................................................................................................................................iii

ACKNOWLEDGEMENT ..............................................................................................................iv

TABLE OF CONTENTS................................................................................................................. v

LIST OF TABLES........................................................................................................................viii

LIST OF FIGURES ........................................................................................................................ix

LIST OF ACRONYMS ................................................................................................................... x

ABSTRACT...................................................................................................................................xii

CHAPTER ONE.............................................................................................................................. 1

INTRODUCTION ........................................................................................................................... 1

1.0 Background of the study ........................................................................................................ 1

1.1 Statement of the problem ....................................................................................................... 3

1.2 General objective ................................................................................................................... 4

1.3 The Specific Objectives ......................................................................................................... 4

1.5 Hypotheses............................................................................................................................. 5

1.6 Scope...................................................................................................................................... 5

1.6.1 Conceptual scope ................................................................................................................ 5

1.6.2 Geographical scope ............................................................................................................. 5

1.6.3 Theoretical scope ................................................................................................................ 6

1.6.4 Time scope .......................................................................................................................... 6

1.7 Significance of the study........................................................................................................ 6

1.8 Operational definition of key terms ....................................................................................... 6

CHAPTER TWO ............................................................................................................................. 7

LITERATURE REVIEW ................................................................................................................ 7

2.0 Introduction............................................................................................................................ 7

2.1 Theoretical review.................................................................................................................. 7

2.2 Conceptual framework........................................................................................................... 8

2.3 Information security............................................................................................................. 11

2.4 Information security objectives........................................................................................... 20

2.5 Information security controls............................................................................................... 26

2.6 Information security challenges........................................................................................... 28

2.7 Related studies ..................................................................................................................... 30

2.8 Research gap ........................................................................................................................ 32

CHAPTER THREE ....................................................................................................................... 33

METHODOLOGY ........................................................................................................................ 33

3.0 Introduction.......................................................................................................................... 33

3.1 Research design.................................................................................................................... 33

3.2 Research population............................................................................................................. 33

3.3 Sample size........................................................................................................................... 34

3.4 Sampling procedure ............................................................................................................. 35

3.5 Research instrument............................................................................................................. 35

3.6 Validity................................................................................................................................. 36

3.7 Reliability............................................................................................................................. 37

3.8 Data gathering procedures.................................................................................................... 38

3.9 Data analysis ........................................................................................................................ 38

3.10 Ethical considerations ........................................................................................................ 38

3.11 Limitations......................................................................................................................... 39

3.12 Delimitations………………………………………………………………………………38

CHAPTER FOUR.......................................................................................................................... 40

DATA PRESENTATION AND ANALYSIS ............................................................................... 40

4.0 Introduction.......................................................................................................................... 40

4.1 Profile of the respondents..................................................................................................... 40

4.2 Descriptive statistics............................................................................................................. 48

4.2.1 Descriptive statistics to establish information security controls at KIU. .......................... 44

4.2.2 Descriptive statistics for exploring the extent of compliance to information security objectives at KIU…………………………………………………………………………………47

4.2.3 Descriptive statistics to investigate challenges to information security in KIU……….50

4.3 Establish of the relationship between challenges to information security and information security objectives in KIU…………………………………………………………………….51

4.6 Regression analysis……………………………………………………………………….52

CHAPTER FIVE…………………………………………………………………………………55

DISCUSSION OF FINDINGS, CONCLUSION AND RECOMMENDATIONS………………55

5.0. Introduction......................................................................................................................... 55

5.1 Discussion of findings.......................................................................................................... 55

5.2. Conclusion........................................................................................................................... 57

5.3 Recommendations................................................................................................................ 58

5.4. Areas for further studies...................................................................................................... 59

REFERENCES .............................................................................................................................. 60

APPENDICES ............................................................................................................................... 68

APPENDIX I: CONSENT FORM................................................................................................. 68

APPENDIX II: QUESTIONNAIRE.............................................................................................. 69